Glossary of Compliance


Our curated compliance glossary offers everything you need to know about compliance in one place.


SOC 2 Section 3

SOC 2 Section 3, also known as the “system description,” is a requirement of the SOC 2 standard. The system description, which is included in Section III of a SOC 2 report, provides important details about the personnel, processes, and technology that support your product or service.

It is a summary of your organization and its systems. It should also include information on how the organization’s systems are monitored and tested, as well as any third-party service providers that are used to support the organization’s systems.
